Re: Feature Request?

[Chris Green <cmg () uab edu>]

Kevin Brown <Kevin.M.Brown () asu edu> writes:

> I was wondering how hard it might be to implement something within snort as
> part of the logging features.  The snort box that I run here connects to a
> remote database to log alerts.  The problem is that for various reasons
> (firewall crashing, servers being rebooted, etc...) snort looses connection
> with the SQL db and then the snort process dies.  A possible feature that
> could be useful for others who might be in a similar situation would be some
> way to cache the inserts until such a time as the server comes back online
> and then the data could be sent.

That's going to be done when Spo_unified is used for logging and then
barnyard will be able to do the blocking process ( and possibly block
for a long time as you've found out ) of inserting .

I would recommend something to check on the snort process more often
than every time you are in town :)
-- 
Chris Green <cmg () uab edu>
"I'm beginning to think that my router may be confused."

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users